To Keep Passwords Safe from Hackers, Just Break Them into Bits

A new way for websites and other online services to store passwords could prevent breaches like the one that resulted in 6.5 million LinkedIn users having their passwords posted online earlier this year.

That kind of data dump happens when an attacker gains access to the server storing user passwords. Researchers at computer security company RSA have created a system that splits passwords in two and stores each half in different locations. The two halves never come together, even when a person logs in and has his password verified. That should make it harder for someone to steal them, because a thief would need to break into both those servers, which can be protected in different ways.

“Password storage is increasingly problematic because of the increasing frequency of breaches but also because the consequences of them have increased,” says Ari Juels, who heads RSA’s research labs in Cambridge, Massachusetts. Juels says losing control of one online account can provide attackers with information to help break into others, and many people simply reuse passwords on multiple accounts anyway.

Although LinkedIn and many other companies encrypt passwords—so their servers don’t contain the exact string that a user types—attackers have a range of tools that can reverse this encryption, says Juels. Even the very best practices, which LinkedIn didn’t use, can be broken.

“Our view is that it’s better for passwords and other credentials not to be stored in one place,” Juels says, making it more difficult for an attacker to get hold of everything he needs to re-create a person’s password.

RSA’s new scheme works by breaking a password into many small pieces and storing half of those pieces—selected at random—in one place, and the rest in another. RSA calls the approach distributed credential protection. “If one location is attacked, the passwords are still safe,” says Juels. “Where the magic comes in is the ability of the system to check passwords without reassembling them.”

When a person logs into a system using distributed credential protection, the password he or she provides is split into two encrypted strings of data. Each string is then sent to one of the two password servers, where it is combined with the half of the password stored on that server to create a new string. The two servers then compare these two new strings to determine whether the password is correct or not. The mathematics involved means that it is impossible to determine the password from either of these strings, or both of them combined—so the password remains unknown even if an attacker can capture the strings.

The two servers involved can be set up with different operating systems and in different locations, says Juels, so stealing passwords requires mounting two separate attacks successfully. These would have to happen in short order, too, because the system periodically refreshes which random half of the snippets of a password are stored on each server.

The software will go on sale later this year, says Juels.

RSA’s new approach is a version of a technique known as threshold cryptography, which has long been explored by researchers. “The concept is not new, but this would be the first time that it is deployed to the general public,” says Dan Boneh, a professor at Stanford University who has researched such designs. Threshold cryptography is used behind the scenes by the companies, known as certificate authorities, that issue the digital security certificates that help computers and Web browsers know which servers to trust—for example, when logging onto a banking website.

One way to boost the effectiveness of the approach would be to split passwords or secrets across more than just two servers, says Boneh. Juels says RSA plans to make that possible in the future, and to release software that makes it possible to use the secret-splitting approach to protect encrypted data, for example, for files stored in a cloud service.

However, Boneh notes, there are other ways for a person’s secrets to be stolen. “With password management, often the main concern is the end user—if the user’s machine is infected with malware, then there is little than can be done to secure them without resorting to a physical token,” says Boneh, referring to systems that require people to carry a key fob, or use a phone app, to supply a temporary password each time they log in.

This approach, known as two-factor authentication, is usually required only for corporate or financial accounts, but Google and Facebook now offer it for their online accounts due to the brisk trade in compromising such accounts.